External-Mirrors/nextcloudpi
2
0
Fork 0
mirror of https://github.com/nextcloud/nextcloudpi.git synced 2026-01-10 15:12:01 -03:30
Code Issues Packages Projects Releases Wiki Activity

letsencrypt: disable also ncp web certs if OFF

Browse Source 
Signed-off-by: nachoparker <nacho@ownyourbits.com>
This commit is contained in:
nachoparker 2021-10-20 10:25:13 -06:00
parent dcfd1cff4a
commit 36c1f465fc
5 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bin/ncp/NETWORKING/letsencrypt.sh
View File

@ -58,6 +58,9 @@ configure()
rm -f /etc/letsencrypt/renewal-hooks/deploy/ncp rm -f /etc/letsencrypt/renewal-hooks/deploy/ncp
[[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt disable [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt disable
install_template nextcloud.conf.sh "${nc_vhostcfg}" install_template nextcloud.conf.sh "${nc_vhostcfg}"
sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem|" "${vhostcfg2}"
sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key|" "${vhostcfg2}"
apachectl -k graceful
echo "letsencrypt certificates disabled. Using self-signed certificates instead." echo "letsencrypt certificates disabled. Using self-signed certificates instead."
exit 0 exit 0
} }
@ -110,8 +113,8 @@ EOF
# Configure Apache # Configure Apache
install_template nextcloud.conf.sh "${nc_vhostcfg}" install_template nextcloud.conf.sh "${nc_vhostcfg}"
sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg2 sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" "${vhostcfg2}"
sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2 sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" "${vhostcfg2}"
# Configure Nextcloud # Configure Nextcloud
local domain_index="${TRUSTED_DOMAINS[letsencrypt_1]}" local domain_index="${TRUSTED_DOMAINS[letsencrypt_1]}"

4
changelog.md
View File

@ -1,5 +1,7 @@
[v1.41.11](https://github.com/nextcloud/nextcloudpi/commit/c95976c) (2021-10-15) ncp-backup: added help message (#1231) [v1.41.12](https://github.com/nextcloud/nextcloudpi/commit/a41d3d1) (2021-10-20) letsencrypt: disable also ncp web certs if OFF
[v1.41.11](https://github.com/nextcloud/nextcloudpi/commit/dcfd1cf) (2021-10-15) ncp-backup: added help message (#1231)
[v1.41.10](https://github.com/nextcloud/nextcloudpi/commit/ec94e6f) (2021-10-18) nc-static-IP: use ifdown/ifup [v1.41.10](https://github.com/nextcloud/nextcloudpi/commit/ec94e6f) (2021-10-18) nc-static-IP: use ifdown/ifup

10
etc/ncp-templates/nextcloud.conf.sh
View File

@ -46,12 +46,12 @@ if [[ "$1" != "--defaults" ]] && [[ -n "$LETSENCRYPT_DOMAIN" ]]; then
LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN,,}" LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN,,}"
# find the most recent cert otherwise # find the most recent cert otherwise
[[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || { [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] || {
LETSENCRYPT_CERT_BASE_PATH="$(find /etc/letsencrypt/live -type d -name "${LETSENCRYPT_DOMAIN,,}*" -printf "%T@ %p\n" | sort -n | cut -f2 -d' ' | tail -1)" LETSENCRYPT_CERT_BASE_PATH="$(find /etc/letsencrypt/live -type d -name "${LETSENCRYPT_DOMAIN,,}*" -printf "%T@ %p\n" | sort -n | cut -f2 -d' ' | tail -1)"
} }
# otherwise, in some installs this is the path we use (for legacy reasons) # otherwise, in some installs this is the path we use
[[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || { [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] || {
if [[ -d "/etc/letsencrypt/live/ncp-nextcloud" ]]; then if [[ -d "/etc/letsencrypt/live/ncp-nextcloud" ]]; then
LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud" LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud"
fi fi
@ -63,7 +63,7 @@ else
fi fi
# NOTE: we fall back to self-signed snakeoil certs if we couldn't get a LE one # NOTE: we fall back to self-signed snakeoil certs if we couldn't get a LE one
[[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] && { [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] && [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem" ]] && {
LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem"
LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem" LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem"
} }
@ -72,7 +72,7 @@ cat <<EOF
ErrorLog /var/log/apache2/nc-error.log ErrorLog /var/log/apache2/nc-error.log
SSLEngine on SSLEngine on
SSLProxyEngine on SSLProxyEngine on
SSLCertificateFile ${LETSENCRYPT_CERT_PATH:-/etc/ssl/certs/ssl-cert-snakeoil.pem} SSLCertificateFile ${LETSENCRYPT_CERT_PATH:-/etc/ssl/certs/ssl-cert-snakeoil.pem}
SSLCertificateKeyFile ${LETSENCRYPT_KEY_PATH:-/etc/ssl/private/ssl-cert-snakeoil.key} SSLCertificateKeyFile ${LETSENCRYPT_KEY_PATH:-/etc/ssl/private/ssl-cert-snakeoil.key}
# For notify_push app in NC21 # For notify_push app in NC21

8
updates/1.40.0.sh
View File

@ -11,6 +11,14 @@ source /usr/local/etc/library.sh # sets NCLATESTVER PHPVER RELEASE
# update ncp-restore # update ncp-restore
install_app nc-restore install_app nc-restore
# fix ncp.conf bug if LE is disabled
if ! is_active_app letsencrypt; then
if [[ -f /etc/apache2/sites-enabled/ncp.conf ]]; then
sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem|" /etc/apache2/sites-enabled/ncp.conf
sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key|" /etc/apache2/sites-enabled/ncp.conf
fi
fi
# fix letsencrypt with httpsonly enabled # fix letsencrypt with httpsonly enabled
cat > /etc/apache2/sites-available/000-default.conf <<'EOF' cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
<VirtualHost _default_:80> <VirtualHost _default_:80>

8
updates/1.42.0.sh
View File

@ -15,6 +15,14 @@ run_app nc-notify-updates
# update nc-backup # update nc-backup
install_app nc-backup install_app nc-backup
# fix ncp.conf bug if LE is disabled
if ! is_active_app letsencrypt; then
if [[ -f /etc/apache2/sites-enabled/ncp.conf ]]; then
sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem|" /etc/apache2/sites-enabled/ncp.conf
sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key|" /etc/apache2/sites-enabled/ncp.conf
fi
fi
# docker images only # docker images only
[[ -f /.docker-image ]] && { [[ -f /.docker-image ]] && {
: :